CoG jGlobus 1.8.0 Upcoming, Feedback Welcome

The Globus team is planning the next major release of features provided by CoG JGlobus and CoG JGlobus-FX libraries. The first update will cover the GSI features, and will be followed up with support for GridFTP and GRAM clients. NCSA plans to upgrade the MyProxy clients also. The primary goals of the release are

upgrade third-party libraries

port to standard security Java APIs

improve package and distribution model

deprecation of unused code

The following changes are being planned for the GSI features, which will remain protocol complaint with CoG JGlobus 1.8, but not API compliant. All existing features are expected to be supported, with the following changes:

Upgrade to use standard Java SSL library, and replace PureTLS and supporting libraries. This will not only deprecate the use of unsupported PureTLS, but also provide access to better security algorithms, such has SHA2.

Use Java Security Provider framework and standard API, thus facilitating use of any standard provider implementations for processing certificates and CRLs, path validation and trust managers.

Support for legacy and draft proxy certificates will be dropped, and only RFC 3820 Proxy Certificate will be supported.

The following packages are planned, such that the distribution will not be a single jar:

jGlobus GSI 2.0

GSI Core - API for creation of proxy credentials, and utility API to deal with proxy credentials/certificate chains, as needed.

GSI TrustManager - Trust Manager for Java SSL with support for RFC 3820 Proxy Certificate and Signing Policy and authorization.